Korean security agency helped FBI to take down Hive ransomware gang

By Dain Oh, The Readable
Oct. 11, 2023 7:25PM GMT+9

Seoul ― KACS 2023 Fall Conference ― With international cooperation having become a key factor in deterring cybercrimes, a South Korean security agency disclosed on Wednesday that they had contributed to taking down a ransomware gang by collaborating with the U.S. Federal Bureau of Investigation (FBI).

The Korea Internet & Security Agency (KISA) developed a recovery tool for Hive ransomware victims and provided the FBI with the tool last year. “Cyber incidents are inevitable, but the damages still can be minimized,” said Kwon Hyun-o, Head of the Digital Industry Division at KISA, during the Fall Conference hosted by the Korean Association of Cybersecurity Studies (KACS) on October 11.

The Hive ransomware group, once ranked the third most prolific cybercriminals in the world, was shut down by the FBI in January. According to the U.S. Department of Justice, the ransomware gang targeted more than 1,500 victims in over 80 countries, including hospitals, schools, financial companies, and critical infrastructure.

Kwon Hyun-o, Head of the Digital Industry Division at KISA, center, is speaking at the Fall Conference hosted by the Korean Association of Cybersecurity Studies (KACS) on October 11. Photo by Dain Oh, The Readable

It has been known that a multinational operation to disrupt the Hive ransomware group was conducted, but this was the first time for the public to learn that KISA had directly offered a tool to the FBI to interfere with the Hive's activities.

Since 2018, KISA, as the nation’s foremost security organization tasked with protecting the private sector from cyberthreats, has been working alongside researchers at Kookmin University to develop ransomware recovery tools and distribute them around the globe. In addition, KISA has been sharing information with world governments with the aim of improving overall readiness to respond to cyberattacks, wherever and whenever they might occur.

For the next four years, KISA will collaborate with the U.S. Department of Homeland Security (DHS) to develop technology able to pinpoint and specify fraudulent actors on virtual asset networks, according to Kwon. “The technology to identify illegal transactions on cryptocurrency networks is expected to be especially helpful to a number of law enforcements abroad,” added the Head.


This article was copyedited by Arthur Gregory Willers.

Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.